ModSecurity

ModSecurity is an efficient firewall for Apache web servers that is used to prevent attacks against web applications. It monitors the HTTP traffic to a given site in real time and prevents any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to do that - as an example, trying to log in to a script admin area without success a few times activates one rule, sending a request to execute a certain file which may result in getting access to the Internet site triggers another rule, etc. ModSecurity is one of the best firewalls available and it'll protect even scripts which are not updated often because it can prevent attackers from using known exploits and security holes. Very comprehensive info about each and every intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the conventional logs provided by the Apache server, so you could later take a look at them and decide if you need to take more measures in order to increase the security of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity is supplied with all cloud hosting web servers, so when you choose to host your websites with our company, they shall be shielded from an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any website if required, or to switch on a detection mode, so that all activity shall be recorded, but the firewall will not take any real action. You'll be able to view detailed logs via your Hepsia CP including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the protection of our customers' websites very seriously, we employ a set of commercial rules that we get from one of the leading firms that maintain this sort of rules. Our admins also add custom rules to ensure that your Internet sites will be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Hosting

We've included ModSecurity as a standard in all semi-dedicated hosting packages, so your web applications will be protected as soon as you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall permit you to switch on or turn off the firewall for any site with a click. You will also be able to switch on a passive detection mode with which ModSecurity shall keep a log of possible attacks without actually preventing them. The comprehensive logs contain the nature of the attack and what ModSecurity response that attack initiated, where it came from, and so forth. The list of rules which we use is constantly updated as to match any new risks which could appear on the Internet and it comes with both commercial rules that we get from a security business and custom-written ones that our administrators add in the event that they discover a threat that's not present inside the commercial list yet.

ModSecurity in VPS Web Hosting

Safety is extremely important to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section within Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you will not have to do anything by hand. You'll also be able to deactivate it or activate the so-called detection mode, so it'll maintain a log of potential attacks that you can later analyze, but will not stop them. The logs in both passive and active modes offer information regarding the type of the attack and how it was prevented, what IP it originated from and other valuable data that could help you to tighten the security of your sites by updating them or blocking IPs, for example. In addition to the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules because every now and then we discover specific attacks which are not yet present within the commercial pack. This way, we can easily increase the security of your VPS instantly rather than awaiting a certified update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided with all dedicated servers which are integrated with our Hepsia CP and you will not have to do anything specific on your end to employ it since it is enabled by default each time you add a new domain or subdomain on your server. If it interferes with some of your applications, you shall be able to stop it via the respective area of Hepsia, or you may leave it operating in passive mode, so it shall detect attacks and will still maintain a log for them, but will not stop them. You may examine the logs later to find out what you can do to boost the safety of your sites since you'll find details such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity responded, and so on. The rules that we use are commercial, hence they're regularly updated by a security provider, but to be on the safe side, our admins also add custom rules from time to time as to respond to any new threats they have identified.